package com.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("/user")
public class UserController {

    @RequestMapping("/add")
    @PreAuthorize("hasAuthority('ADD_CHECKITEM')")//必须有添加的权限才能访问
    public String add(){
        System.out.println("add------");
        return "add";
    }

    @RequestMapping("/update")
    @PreAuthorize("hasRole('ROLE_ADMIN')")//必须角色是admin才能访问
    public String update(){
        System.out.println("update------");
        return "update";
    }

    @RequestMapping("/delete")
    @PreAuthorize("isAuthenticated()")//认证通过了就可以访问
    public String delete(){
        System.out.println("delete------");
        return "delete";
    }

}
